refactor: simplify Sign() timestamp handling

Specify timestamp when calling AddObject, rather than on the data object itself.
sylabs · Nov 3, 2021 · 39cce7c · 39cce7c
1 parent 3e721c6
commit 39cce7c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 27 deletions.
diff --git a/pkg/integrity/sign.go b/pkg/integrity/sign.go
@@ -31,7 +31,6 @@ type groupSigner struct {
 	f         *sif.FileImage   // SIF image to sign.
 	id        uint32           // Group ID.
 	ods       []sif.Descriptor // Descriptors of object(s) to sign.
-	timeFunc  func() time.Time // Func to obtain SIF data object timestamp.
 	mdHash    crypto.Hash      // Hash type for metadata.
 	sigConfig *packet.Config   // Configuration for signature.
 	sigHash   crypto.Hash      // Hash type for signature.
@@ -62,14 +61,6 @@ func optSignGroupObjects(ids ...uint32) groupSignerOpt {
 	}
 }
 
-// optSignGroupWithObjectTime specifies fn as the func to obtain SIF data object timestamp.
-func optSignGroupWithObjectTime(fn func() time.Time) groupSignerOpt {
-	return func(gs *groupSigner) error {
-		gs.timeFunc = fn
-		return nil
-	}
-}
-
 // optSignGroupMetadataHash sets h as the metadata hash function.
 func optSignGroupMetadataHash(h crypto.Hash) groupSignerOpt {
 	return func(gs *groupSigner) error {
@@ -99,10 +90,9 @@ func newGroupSigner(f *sif.FileImage, groupID uint32, opts ...groupSignerOpt) (*
 	}
 
 	gs := groupSigner{
-		f:        f,
-		id:       groupID,
-		timeFunc: time.Now,
-		mdHash:   crypto.SHA256,
+		f:      f,
+		id:     groupID,
+		mdHash: crypto.SHA256,
 	}
 
 	// Apply options.
@@ -174,7 +164,6 @@ func (gs *groupSigner) signWithEntity(e *openpgp.Entity) (sif.DescriptorInput, e
 	return sif.NewDescriptorInput(sif.DataSignature, &b,
 		sif.OptNoGroup(),
 		sif.OptLinkedGroupID(gs.id),
-		sif.OptObjectTime(gs.timeFunc()),
 		sif.OptSignatureMetadata(gs.sigHash, e.PrimaryKey.Fingerprint),
 	)
 }
@@ -262,9 +251,10 @@ func withGroupedObjects(f *sif.FileImage, ids []uint32, fn func(uint32, []uint32
 
 // Signer describes a SIF image signer.
 type Signer struct {
-	f       *sif.FileImage
-	signers []*groupSigner
-	e       *openpgp.Entity
+	f        *sif.FileImage
+	signers  []*groupSigner
+	e        *openpgp.Entity
+	timeFunc func() time.Time
 }
 
 // NewSigner returns a Signer to add digital signature(s) to f, according to opts.
@@ -290,15 +280,15 @@ func NewSigner(f *sif.FileImage, opts ...SignerOpt) (*Signer, error) {
 	}
 
 	s := Signer{
-		f: f,
-		e: so.e,
+		f:        f,
+		e:        so.e,
+		timeFunc: so.timeFunc,
 	}
 
 	var commonOpts []groupSignerOpt
 
 	if so.timeFunc != nil {
 		commonOpts = append(commonOpts,
-			optSignGroupWithObjectTime(so.timeFunc),
 			optSignGroupSignatureConfig(&packet.Config{
 				Time: so.timeFunc,
 			}),
@@ -367,7 +357,7 @@ func (s *Signer) Sign() error {
 			return fmt.Errorf("integrity: %w", err)
 		}
 
-		if err := s.f.AddObject(di); err != nil {
+		if err := s.f.AddObject(di, sif.OptAddWithTime(s.timeFunc())); err != nil {
 			return fmt.Errorf("integrity: failed to add object: %w", err)
 		}
 	}

diff --git a/pkg/integrity/sign_test.go b/pkg/integrity/sign_test.go
@@ -365,7 +365,6 @@ func TestGroupSigner_SignWithEntity(t *testing.T) {
 				f:         twoGroups,
 				id:        1,
 				ods:       []sif.Descriptor{d1},
-				timeFunc:  time.Now,
 				mdHash:    crypto.MD4,
 				sigConfig: &config,
 			},
@@ -378,7 +377,6 @@ func TestGroupSigner_SignWithEntity(t *testing.T) {
 				f:         twoGroups,
 				id:        1,
 				ods:       []sif.Descriptor{d1},
-				timeFunc:  time.Now,
 				mdHash:    crypto.SHA1,
 				sigConfig: &config,
 			},
@@ -391,7 +389,6 @@ func TestGroupSigner_SignWithEntity(t *testing.T) {
 				f:         twoGroups,
 				id:        1,
 				ods:       []sif.Descriptor{d1},
-				timeFunc:  time.Now,
 				mdHash:    crypto.SHA1,
 				sigConfig: &config,
 			},
@@ -403,7 +400,6 @@ func TestGroupSigner_SignWithEntity(t *testing.T) {
 				f:         twoGroups,
 				id:        1,
 				ods:       []sif.Descriptor{d2},
-				timeFunc:  time.Now,
 				mdHash:    crypto.SHA1,
 				sigConfig: &config,
 			},
@@ -415,7 +411,6 @@ func TestGroupSigner_SignWithEntity(t *testing.T) {
 				f:         twoGroups,
 				id:        1,
 				ods:       []sif.Descriptor{d1, d2},
-				timeFunc:  time.Now,
 				mdHash:    crypto.SHA1,
 				sigConfig: &config,
 			},
@@ -427,7 +422,6 @@ func TestGroupSigner_SignWithEntity(t *testing.T) {
 				f:         twoGroups,
 				id:        2,
 				ods:       []sif.Descriptor{d3},
-				timeFunc:  time.Now,
 				mdHash:    crypto.SHA1,
 				sigConfig: &config,
 			},